Malware scan of installplus500.exe (Downloader) 69182107c2c05a89f3c0cba4b0b172b62e2d4747

File name:

installplus500.exe

Publisher:

Plus500 LTD (signed and verified)

Product:

Downloader

Version:

24, 24, 24, 24

MD5:

e6afb0789013412eb5db2df12b33ee69

SHA-1:

69182107c2c05a89f3c0cba4b0b172b62e2d4747

SHA-256:

b44539d3625e123806c3f58f80fb0f8eabaf3d57e5abe324db2a4177d48abe87

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/19/2024 1:04:14 AM UTC (today)

Scan engine

Detection

Engine version

Trend Micro House Call

HV_ZYX_BK08273A.TOMC

7.2.329

File size:

375.5 KB (384,488 bytes)

Product version:

24, 24, 24, 24

Copyright:

Original file name:

Downloader.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Signed by:

Plus500 LTD

Authority:

Thawte, Inc.

Valid from:

4/20/2014 1:00:00 AM

Valid to:

7/10/2016 12:59:59 AM

Subject:

CN=Plus500 LTD, O=Plus500 LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

031183F8BA44C6DB1F7305BE0C6A6689

Compilation timestamp:

2/24/2014 12:25:52 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:5br4/Uu59fyzp+V7uYQshpFT9Si2o0Yo+1550h:B8/Uu59fMpQ7LQshpxxz0D+15c

Entry address:

0x30D7E

Entry point:

E8, 10, B5, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 28, 53, 56, FF, 75, 0C, 8D, 4D, F0, E8, 4B, F6, FF, FF, 8B, 75, 08, 33, DB, 3B, F3, 75, 28, E8, C5, 26, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 10, DC, FF, FF, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, D9, EE, EB, 61, 8B, 45, F0, 83, B8, AC, 00, 00, 00, 01, 7E, 14, 8D, 45, F0, 50, 0F, B6, 06, 6A, 08, 50, E8, C6, A8, 00, 00, 83, C4, 0C, EB, 10, 0F, B6, 0E, 8B, 80, C8, 00, 00, 00, 0F, B7, 04, 48, 83, E0, 08... 
[+]

Entropy:

6.3545

Code size:

287 KB (293,888 bytes)

Program Uninstaller

Program name:

Plus500

Uninstall string:

C:\Program Files (x86)\Plus500\Plus500.exe /uninstall

The file installplus500.exe has been seen being distributed by the following 3 URLs.

http://download.plus500.co.uk/DownloadService.svc/InstallNewDownloader?bid=0&hl=en&id=2093&tags=g_sr UKSearch_cp ShareRoyalMail_ag sell**royal**mail**shares_ks Phrase_mt c_de g_nt &refurl=http://www.google.co.uk/aclk?sa=l&ai=C27Lg_GJmVL6vNOacjAbBtoDQBtHBuvAFibbQ8rIBpvzYg9sBCAAQASgDYLuGgIDQCqABz_rs7QPIAQGpAliVZ-Cz9bQ-qgQoT9DdLl-bbboLG6FzA-jfO7vV718QaW0dEcLSGTQcW4cmMYKylplV0oAHmYWTEogHAZAHAqgHpr4b&sig=AOD64_0uJEhiVXnEIAxN29s_KMrxtE-VKA&rct=j&q=&ved=0CCEQ0Qw&adurl=http://www.plus500.co.uk/.../RMG-L?id=2093&tags=g_sr UKSearch_cp ShareRoyalMail_ag sell**royal**mail**shares_ks Phrase_mt c_de g_nt &א&gclid=CjwKEAiA7ZajBRCpur2xi47n1zkSJADqV2WlMTJHeNfpXhtmDm5674ufUIYz_uf15RKXMo-6CE3tGhoCUd_w_wcB